# 1-系统centos6.7
# 2-涉及rpm包，在清华源下载
# https://mirrors.tuna.tsinghua.edu.cn/centos-vault/6.0/os/x86_64/Packages/
#    autoconf-2.63-5.1.el6.noarch.rpm
#    automake-1.11.1-4.el6.noarch.rpm
#    gcc-c++-4.4.7-16.el6.x86_64.rpm
#    nfs-utils-1.2.3-64.el6.x86_64.rpm
#    telnet-0.17-48.el6.x86_64.rpm
#    telnet-server-0.17-48.el6.x86_64.rpm
#    xinetd-2.3.14-39.el6_4.x86_64.rpm
# 3-涉及源码包
#    openssl-1.1.1g.tar.gz
#    openssh-9.6p1.tar.gz

TMOUT=''
HISTSIZE=999
HISTFILESIZE=999
# 备份配置文件，理论上不会被覆盖
# 参考file\shell脚本\backup.openssh.sh)
cp -av /etc/ssh /tmp/ssh.bak.$(date +%F_+%s)

# 传送 rpm包
# 传送 openssh和openssl包
yum install *.rpm -y
tar xf openssh-9.6p1.tar.gz
tar xf openssl...tar.gz

vi /etc/services
# 去掉 telnet 23/tcp的注释

vi /etc/xinetd.d/telnet
# 改disable = no

vi /etc/pam.d/login
#注释 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

vi /etc/securetty
'''
# 追加远程
pts/1
pts/2
pts/3
pts/4
'''

# 重启xinetd
service xinetd restart
# 验证telnet是否生效
telnet localhost

# 查看当前ssh和ssl路径和版本
[appadmin@IMS-yskp-proxy1 ~]$ whereis ssh
ssh: /usr/bin/ssh /etc/ssh /usr/share/man/man1/ssh.1 /usr/share/man/man1/ssh.1.gz
[appadmin@IMS-yskp-proxy1 ~]$ whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/openssl /usr/share/man/man1/openssl.1ssl.gz
ssh -V
openssl version

# 进入openssh目录，指定应用目录和配置目录以及ssl目录
cd openssh-9.6p1
# ./configure --prefix=/usr --sysconfdir=/etc/ssh/ --with-ssl-dir=/usr/local/openssl/

./configure --prefix=/usr/ --mandir=/usr/share/man/
make
make install-files

# 查看配置文件是否被覆盖
diff /etc/ssh/sshd_config /tmp/ssh.bak.20240226/sshd_config
grep -P -v '^#' /etc/ssh/sshd_config
grep -P -v '^#' /tmp/ssh.bak.20240226/sshd_config
'''
AuthorizedKeysFile      .ssh/authorized_keys
Subsystem       sftp    /usr/libexec/openssh/sftp-server
PermitRootLogin no
'''

# 重启服务
service sshd restart

# openssl忘了记了，再碰到再说，make的时候可能会报一个glibc的版本不够，升级较麻烦